46. Docker with Swarm and Kubernetes
Docker Enterprise Edition
Docker Community Edition
containerd
The best container development workflow
The best enterprise container security and management
Native Kubernetes integration provides full ecosystem compatibility
Industry-standard container runtime
49. Docker is building a stack to program the Internet
CE
EE
A commercial product, built on a development platform, built on infrastructure, built on standards.
54. The Docker Innovation Model
Docker Community Edition
Docker Enterprise Edition
Developers, Enterprise, Container Ecosystem
9,149 Open Source Contributors, 8800 PRs/Year
62. containerd 1.0 Dec 2017
https://blog.docker.com/2017/12/cncf-containerd-1-0-ga-announcement/
63. Early History
APRIL 2016: Containerd “0.2” announced, Docker 1.11
DECEMBER 2016: Announce expansion of containerd OSS project, roadmap to 1.0
Management/Supervisor for the OCI runc executor
Containerd 1.0: A core container runtime project for the industry
65. Why Containerd 1.0?
runc
containerd
▪ Continue projects spun out from monolithic Docker engine
▪ Expected use beyond Docker engine (Kubernetes CRI)
▪ Donation to foundation for broad industry collaboration
▫ Similar to runc/libcontainer and the OCI
66. Technical Goals/Intentions
▪ Clean gRPC-based API + client library
▪ Full OCI support (runtime and image spec)
▪ Stability and performance with tight, well-defined core of container function
▪ Decoupled systems (image, filesystem, runtime) for pluggability, reuse
67. Requirements
- A la carte: use only what is required
- Runtime agility: fits into different platforms
- Pass-through container configuration (direct OCI)
- Decoupled
- Use known-good technology
- OCI container runtime and images
- gRPC for API
- Prometheus for Metrics
68. Use cases
- CURRENT
- Docker (moby)
- Kubernetes (cri-containerd)
- SwarmKit (experimental)
- LinuxKit
- BuildKit
- FUTURE/POTENTIAL
- IBM Cloud/Bluemix
- OpenFaaS
- {your project here}
69. containerd 1.0 facts and figures
• 1994 GitHub stars, 401 forks
• 108 contributors
• 8 maintainers from independents and member companies alike, including Docker, Google, IBM, ZTE and ZJU.
• 3030+ commits, 26 releases
70. Resources
To participate in containerd: github.com/containerd/containerd
• Getting Started with containerd: http://mobyproject.org/blog/2017/08/15/containerd-getting-started/
• Roadmap: https://github.com/containerd/containerd/blob/master/ROADMAP.md
• Scope table: https://github.com/containerd/containerd#scope
• Architecture document: https://github.com/containerd/containerd/blob/master/design/architecture.md
• APIs: https://github.com/containerd/containerd/tree/master/api/.
• Learn more about containerd at KubeCon by attending Justin Cormack’s LinuxKit & Kubernetes talk at Austin Docker Meetup, Patrick Chanezon’s Moby session, Phil Estes’ session or the containerd salon
75. Docker EE Platform to Modernize Traditional Apps And Beyond
Image Registry
CI/CD
Security scan & sign
Traditional
Third Party
Microservices
docker store
DEVELOPERS
IT OPERATIONS
Control Plane
79. The Innovation Challenge
Average IT Spend By Type: INNOVATION 20%, MAINTENANCE 80%
Server OS Market Share (chart categories): Windows Server 2008, Windows Server 2012, Windows Server 2000, Windows Server 2003, Red Hat, Other Linux, Other OS
Chart data labels: 1%, 18%, 45%, 24%, 12%
Sources: Bank of America, Spiceworks, SolarWinds
82. The Docker Modernize Traditional Apps POC Program
Partner Consulting Services + Partner Infrastructure + Docker Enterprise Edition
Portable, Agile, Secure, Efficient
< 5 days
No Code Changes
App
Existing Application
Convert to a Docker EE container
Modern Infrastructure
83. Reducing total costs by 50%
MTA POC Impact
Portability: Hybrid Cloud-Ready
Agility: 2x Faster
Security: Isolation & Integrity
84. Docker EE and MTA create self funding model for container adoption
KEY CHALLENGES
• Accumulated thousands of apps, 400+ systems of record and 5 infrastructures over 150 years
• Difficult to innovate with majority of budget spent on maintenance
SOLUTION
• Leverage Docker MTA program to modernize the email opt-out app with Docker EE to drive down total costs
-70% VMs
-67% Cores
10x Average CPU utilization
-66% Total Cost of Ownership
593 Applications
RESULTS
• Modernization of single app completed in 1 day
• Applying model to other apps built with same technology
• Business case forecasts a 66% cost reduction
85. App Visibility and Consistency at 50% the Cost
KEY CHALLENGES
• Maintenance costs of managing traditional apps on-prem
• Code quality was increasingly difficult with an outsourced software house
• App delivery process was too slow for the pace of the business
SOLUTION
• Leverage Docker MTA program jointly with their trusted partner Accenture
RESULTS
• 50% savings across all applications
• Unified architecture for the first time
• New visibility into their outsourced applications
96. What is a container orchestrator?
Management of containers running in one or more container runtimes
97. Docker: Now Powered by Swarm and Kubernetes
Docker Enterprise Edition
Docker Community Edition
containerd
The best container development workflow
The best enterprise container security and management
Native Kubernetes integration provides full ecosystem compatibility
Industry-standard container runtime
98. Docker Community Edition: All in one development for Swarm and Kubernetes
Develop with Docker Community Edition on your workstation
Test locally on Swarm and Kubernetes
Deploy to production in Swarm
Deploy to production in Kubernetes
101. Docker Enterprise Edition: Management for Swarm and Kubernetes
Features / Swarm Support / Kubernetes Support
Secure Cluster Lifecycle
- Easy High Availability provisioning
- Cryptographic node identity
Secure Supply Chain
- Registry
- Content Trust
- Secure Scanning
100% Interoperability
- Clean upstream integration
- Full ecosystem compatibility
Secure Multi-tenancy
- Role Based Access Control
- Authorization, Authentication
- Node Segmentation
Management Dashboard
Supported and Certified on Windows Server and Major Linux Distributions
109. The Tao (之道) of Docker
无为 Wu-Wei: Modernize traditional applications without coding
自然 Ziran: create microservice applications with the container platform that started the container revolution
This is compared to “container systems of the past” that were monolithic and tightly coupled
Example: hard to reuse components; e.g. take a Docker graphdriver and use it to implement a volume driver
Towards a Docker Containers as a Service application environment that provides a common interface but separation of concerns for your developers and IT operations team to work together to build, ship and run distributed apps
ADP operates in a more traditional centralized IT model where IT manages and operates the application and environment on an ongoing basis. ADP looked at Docker as they began their transition to DevOps. They were interested in gaining more efficiencies and reuse of code by moving to a shared services model instead of monoliths with a lot of repeated services. ADP has OpenStack for their private cloud and AWS for their public cloud. As part of the transition, ADP will set up a central marketplace where the shared services apps are available for the app teams. In the ADP example both the environment and ongoing management remain centralized.
Use Cases
- Transition to microservices
- Enable DevOps
- CI/CD
Why Docker?
Need app portability so they can choose to move across AWS / OpenStack
Agility
Streamline lifecycle time to move apps from dev to prod
Enable a central repository of “app templates” for common services
Portability
Support AWS cloud and OpenStack private cloud environments
Control
Centralized management and control of images, apps and infrastructure
Enable secure content lifecycle with integrated image signing and verification